A virtual private network (VPN) is a private network in which communication is transferred, at least in part, over public networking infrastructure such as the Internet. VPNs are widely used for communication within or between companies, as they may extend the geographic area over which users may connect with a company's network, reduce transit time and transportation costs for remote users, and improve worker productivity.
To connect to some VPNs, a user invokes one or more software components (e.g., a VPN client application) residing on his/her client device (e.g., a personal computer, personal digital assistant or other device) to establish connectivity. Invoking the software component(s) causes the client device to communicate with a network access gateway on the VPN, which typically verifies the user's access credentials based on information provided by the software component(s). Once authentication occurs, applications running on the client device are typically able to access resources on the network as needed. A network resource may include, for example, a web page, data structure (e.g., file), or e-mail server. Each time an application on the client device requests access to a network resource, the gateway facilitates the connection. This arrangement is generally known as the “traditional VPN” model.
With other VPNs, economic and/or security concerns may cause other access techniques to be employed. For example, there has been a recent shift toward employing an application proxy with Secure Sockets Layer (SSL) technology to establish remote user access to a VPN. Briefly, in an application proxy arrangement, before client applications may access resources on the network, a user employs a browser application running on the client device to navigate to a web page designated as an access point to the VPN. The user may supply login credentials via the browser application to gain access to the VPN. Upon authentication, other applications running on the client device may be able to access network resources without the user having to supply login credentials again. This arrangement is generally known as the “application proxy” model.
One reason for the shift toward the application proxy model is that it is less expensive for businesses to deploy, since software components enabling automatic authentication to the VPN need not be installed and maintained on all client devices. Another reason is that the application proxy model provides additional security benefits in that communication received at the access point may be more strictly monitored than in a traditional VPN arrangement, such that it may be more difficult for a malicious party to employ the client device to attack a corporate VPN.